Hi, I'm new to OpenWRT, I would like to ask if there's a way to create and access WebGUI using another user/account rather than root, and then restrict some of the functions of the OpenWRT. Thanks in advanced!
There are a few way to go depending on your needs....
-Once off vs bulk
-A few pages vs many
-Page operation changes or complex subsystem interaction
-Your coding skill, and/or familiarity with certain languages
-Performance/resource constraints
-Auditing requirements
One option worth a peak might be A modern web interface for OpenWrt implemented in vue.js and element-ui
When you say create..... are you talking about actually creating a gui or are you thinking "click a few options in LUCI to restrict pages to users"?
1 Like
Sorry, I think I posted a wrong question. What I meant is how to add a user management on web gui, so different user(with less privilege) can access the gui rather than root.
Describe your goals in detail.
You cannot just "add" it, you have to "build" it yourself, or install a different GUI as @anon50098793 suggested.
hnyman
July 25, 2019, 2:29pm
6
There is some old work-in-progress in
opened 04:42PM - 14 Jan 16 UTC
closed 07:26AM - 19 Apr 20 UTC
help wanted
@Hostle has created a functional system for enabling handling multiple users in … Luci.
- User creation, removal and provisioning work.
- Two user classes: admin and user. (root has always full access.)
- Possibility to adjust access on menu-item level
- Possibility to deny ssh access
@Hostle has actually created two alternative methods for a year-old Luci (from March 2015, CC15.05 development cycle) into his Github repo. I have imported the changes into up-to-date DD trunk and have also squashed and polished the commits for discussion purposes to have minimal diffs.
Hostle thinks that the newer method is better, so I will present that here.
Original discussion at forum: https://forum.openwrt.org/viewtopic.php?id=54593
Discussion also at: https://github.com/Hostle/luci/commit/c1ba7d780fbafba1d882e3d05ff96baeaee131f3#commitcomment-15451559
# "New method":
"New" original, commits from Hostle, updated in April 2017: https://github.com/Fire-WRT/luci/commits/multi4
"New" cleaned-up version from my repo, "multi4-clean" branch, contains four squashed commits targeting LEDE & Openwrt DD trunk/master:
https://github.com/hnyman/luci/commits/multi4-clean
(March2018: I have rebased multi4 branch history with the LuCI of June 2017.)
# Trying the code:
If you want to try the multi-user code, you can easily add my Luci repo as a remote to your own git and then pull from "multi4-clean" branch. The multi4-clean branch contains up-to-date LuCI of 26 June 2017.
I used these commands to import this to my own Openwrt build. (I also created a new branch "multiuser" at my local feed repo so that I easily push the changes aside by "git checkout master"):
```
cd feeds/luci
git checkout 6047dacb6253c
git checkout -b multiuser
git remote add hnyman https://github.com/hnyman/luci.git
git pull hnyman multi4-clean
git log --oneline
```
Alternatively, you can download the 4 commits as patches from github and apply them manually. (just add .patch to the end of the commit's page address and you get a patch that can be download with wget.)
# Identified problems/challenges:
NOTE: old, reflects 2015 observations
- Both methods have the drawback that the permission settings only work for previously known pages or menu tabs. E.g. new page system / Custom commands from luci-app-command is not handled. It would be better, if the system somehow sniffed the pages and then decided the permissions based on the main menu tab.
- "new" method required editing existing pages to have permission-checking wrappers around each menu item. E.g. in status, system and network. E.g. https://github.com/hnyman/luci/commit/d56fe7a4aebb10286b8be04234fd6a225a543aee
- system Menu issue (visible although should not be, probably due to other Luci applications): https://github.com/Hostle/luci/commit/c1ba7d780fbafba1d882e3d05ff96baeaee131f3#commitcomment-15454445 that is a weakness in this approach, as 1) all packages would need the modified index() function, and 2) the /model/cbi/admin_users/users.lua module would need to have all available package options available and enabled/disabled by some short of switch
- I compiled "new" for my own ar71xx build and it worked to large extent, but not quite fully with Firefox. Might be cache problems or something. Hostle himself compiled "new" from my repo to his trunk and says that it worked perfectly.
https://github.com/Hostle/luci/commit/c1ba7d780fbafba1d882e3d05ff96baeaee131f3#commitcomment-15451559
Screenshot from trunk Designated Driver r48235:
![multiuser1](https://cloud.githubusercontent.com/assets/7926856/12329216/eb957d5e-bae7-11e5-8464-3ba29ee34014.png)
The code worked in 2017, but I haven't tested it lately.
1 Like